Lucene search
PRIOn knowledge basePRION:CVE-2024-27932HistoryMar 14, 2024 - 10:53 p.m.
Design/Logic Flaw
2024-03-1422:53:54
PRIOn knowledge base
www.prio-n.com
15
deno
javascript
typescript
webassembly
logic flaw
token leak
security patch
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.8.0 and prior to version 1.40.4, Deno improperly checks that an import specifier’s hostname is equal to or a child of a token’s hostname, which can cause tokens to be sent to servers they shouldn’t be sent to. An auth token intended for example[.]com may be sent to notexample[.]com. Anyone who uses DENO_AUTH_TOKENS and imports potentially untrusted code is affected. Version 1.40.0 contains a patch for this issue
| CPE | Name | Operator | Version |
|---|---|---|---|
| deno | eq | = >= 1.8.0, < 1.40.4 |
Related
nvd
nvd
CVE-2024-27932
2024-03-21 02:52:21
cve
cve
CVE-2024-27932
2024-03-21 02:52:21
github
github
Deno's improper suffix match testing for DENO_AUTH_TOKENS
2024-03-06 17:03:36
osv
osv
Deno's improper suffix match testing for DENO_AUTH_TOKENS
2024-03-06 17:03:36
CVE-2024-27932
2024-03-21 02:52:21
cvelist
cvelist
CVE-2024-27932 Deno's improper suffix match testing for DENO_AUTH_TOKENS
2024-03-06 20:45:16